URGENT HELP—When we started with ISTIO 2 years ago, we were able to use the external IP of the ‘ingress-gateway’ as the IP we point to to connect to all of our AKS cluster pods where all of our microservices are running. Some time ago, it stopped working and we now have to point our APIM gateway to the individual IP for each pod. We also used to use KIALI, which allows us to manage the weighted load balancing with this ‘1’ external IP. Since we lost the ability to use ‘1’ IP to point to, we also have challenges with using HPA and liveness probe. We are in the process of deploying the HPA for all of our pods and cannot because of this limitation. Can anyone help us with this problem? How are other customers of ISTIO able to connect to multiple pods without having to point to individual pod’s IP? We need to have the ‘IP persistence’. Every time our pod goes down we have to update the IP in the API Gateway. Please help. Any help would greatly help us tremendously!! We are currently using AKS cluster version 1.22.6 and ISTIO 1.13. We are about to upgrade to 1.23 AKS and ISTIO 1.15.
Hi, that sounds really bad. Our setup should be similar. Do you use private AKS?
We are still on Istio 1.11.4 but AKS 1.23. We have several Istio ingress gateways bound to statically assigned internal IPs that are associated with internal domains. Our APIM points to one of them.
We use the following values to bind an ingressgateway instance to the IP and the subnet:
```yaml
gateways:
  istio-ingressgateway:
    # Static internal IP that APIM points to
    loadBalancerIP: "YOUR_INTERNAL_IP"
    autoscaleMin: 2
    serviceAnnotations:
      # Create an internal Azure load balancer in the named subnet
      service.beta.kubernetes.io/azure-load-balancer-internal: "true"
      service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "NAME_OF_THE_SUBNET_WITH_IP"
    name: istio-ingressgateway-apim
    labels:
      app: istio-ingressgateway-apim
      istio: ingressgateway-apim
```
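
The routing side of this setup, as an added example that is not part of the original posts: a Gateway bound to the `istio: ingressgateway-apim` label above, with a VirtualService and DestinationRule that split traffic by weight across a Kubernetes Service, so APIM only ever targets the gateway IP. The host name, namespaces, the `orders` service and the `version` labels are assumptions.

```yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: apim-gateway                # assumed name
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway-apim      # label from the gateway values above
  servers:
  - port: {number: 80, name: http, protocol: HTTP}
    hosts:
    - "orders.internal.example.com" # assumed internal host name
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: orders                      # assumed service name
  namespace: apps                   # assumed namespace
spec:
  hosts:
  - "orders.internal.example.com"
  gateways:
  - istio-system/apim-gateway
  http:
  - route:                          # routes to the Service, never to pod IPs
    - destination:
        host: orders.apps.svc.cluster.local
        subset: v1
      weight: 90
    - destination:
        host: orders.apps.svc.cluster.local
        subset: v2
      weight: 10
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: orders
  namespace: apps
spec:
  host: orders.apps.svc.cluster.local
  subsets:
  - name: v1
    labels: {version: v1}           # assumed pod label
  - name: v2
    labels: {version: v2}           # assumed pod label
```

Because the route targets the Service, pods added by the HPA or replaced after a failed liveness probe are picked up from the Service endpoints without any change on the APIM side.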